August 26, 2013

China Blames ‘Denial of Service’ Attack For Crashing Internet

The Chinese government is blaming the largest denial-of-service (DoS) attack it has ever received for bringing down part of its Internet. The attackers disrupted service to many sites with the .cn domain shortly after 2 a.m. local time. A second, more intense attack was launched against the Chinese Internet two hours later.

According to a PCWorld report, the China Internet Network Information Center (CNNIC) issued an apology during the outages, saying some sites were unavailable because it was working to improve its “service capabilities.” Access to the sites was gradually restored by 10 a.m. The CNNIC said they’re not yet certain where the attack was coming from or who was behind it, but security experts say it could either have been carried out by a sophisticated group of hackers or a single attacker.

In a report by the Wall Street Journal, security and web performance company CloudFare said only some users would have been denied access to some sites as a result of this attack. Overall, said CloudFare’s chief executive Matthew Prince, there was a 32 percent drop in China’s Internet traffic during the attack.

DoS attacks work by flooding a network with millions of requests. Though the network may deny each of these requests, it can eventually receive so many that it’s incapable of handling them all and will then crash. Though China has often been called out for harboring hackers who launch these kinds of attacks against other countries, Prince says China may not be able to defend itself from the same type of attack.

China and the US are involved in a back-and-forth, each claiming the other is largely responsible for hacking attacks.

Earlier this year security firm Mandiant discovered that an arm of the Chinese government was responsible for attacking the New York Times for four months following an investigation on China’s Prime Minister. China immediately denied these allegations. Shortly thereafter China’s Communist Party newspaper, The People’s Daily, issued a report claiming the US was trying to pin its attacks on China and that, furthermore, China received a number of attacks from IP addresses in the US. The Ministry of Defense later said nearly two-thirds of all of China's attacks stem from the United States.

In April a security team from Verizon confirmed Mandiant’s report when it found that 96 percent of all attacks originate in East Asia and China. While some of these attacks are thought to be carried out to steal money or information from private parties, a large percentage of these attacks are also thought to be carried out as an act of espionage.

A third security company, Prolexic, conducted its own research and found that the overall number of DoS and DDoS (distributed-denial-of-service) attacks are on the rise, with 40 percent of all botnet sourced attacks coming from China. The United States came in second place and was responsible for more than 21 percent of botnet activity in Q1 2013.